Violation of data privacy and harassment by online lending apps

The rapid digital transformation of the Philippine financial landscape has birthed a dual-edged sword: increased financial inclusion and the rise of predatory "Online Lending Applications" (OLAs). While these platforms offer quick credit to the unbanked, they have become notorious for systemic violations of the Data Privacy Act of 2012 (RA 10173) and the commission of Cyber-harassment.

I. The Mechanics of the Violation

Most predatory OLAs operate by requiring excessive "app permissions" as a condition for loan approval. These permissions often grant the app access to:

  • Contact Lists: Every name and number stored in the user’s phone.
  • Photo Galleries and Media: Often used for blackmail or "shaming."
  • Location Data (GPS): To track the borrower’s physical movement.
  • Social Media Profiles: To identify friends, family, and employers.

Under the Data Privacy Act (DPA), the processing of personal data must adhere to the principles of Transparency, Legitimate Purpose, and Proportionality. Accessing an entire contact list to collect a debt is considered a violation of the proportionality principle, as such data is not necessary for the primary purpose of credit scoring or loan disbursement.

II. Debt Collection Harassment and Cyber-shaming

When a borrower defaults or is even a few hours late, many OLAs employ "collection agents" who use the harvested data to launch harassment campaigns. Common tactics include:

  1. Contact Outing: Sending blast SMS messages or making calls to the borrower’s entire contact list, informing them of the debt.
  2. Social Media Shaming: Posting the borrower’s photo on Facebook or creating group chats with their friends and family to label them a "scammer" or "thief."
  3. Threats and Profanity: Using death threats, legal intimidation (often involving fake subpoenas), and verbal abuse via phone calls and messaging apps.

In the eyes of Philippine law, these acts constitute Unfair Debt Collection Practices as defined by SEC Memorandum Circular No. 18 (Series of 2019).

III. The Legal Framework for Redress

1. The Data Privacy Act of 2012 (RA 10173)

The National Privacy Commission (NPC) has the authority to penalize apps that process data unlawfully. Section 25 (Unauthorized Processing) and Section 28 (Processing for Unauthorized Purposes) carry heavy fines and imprisonment. The NPC has issued numerous cease-and-desist orders against OLAs for "excessive data harvesting."

2. SEC Memorandum Circular No. 18, Series of 2019

The Securities and Exchange Commission (SEC) prohibits lending companies from using threats, profanity, or any conduct the purpose of which is to harass or abuse any person. Specific prohibited acts include:

  • Publicly listing the names of borrowers who are delinquent.
  • Contacting persons in the borrower’s contact list other than those named as guarantors.

3. The Cybercrime Prevention Act of 2012 (RA 10175)

Acts of online shaming and harassment can fall under Cyber-libel. Furthermore, the unauthorized access to a computer system (the user's phone) to gain private data can be prosecuted as a cybercrime.

4. Revised Penal Code (RPC)

Traditional crimes such as Grave Threats (Art. 282), Light Threats (Art. 283), and Unjust Vexation (Art. 287) apply to the conduct of collection agents.

IV. Regulatory Actions and Jurisprudence

The SEC and NPC have historically collaborated to shut down hundreds of unregistered OLAs. In many cases, the SEC revokes the Certificate of Authority (CA) of lending companies found to be violating privacy and fair collection standards.

Victims are encouraged to:

  • Document everything: Save screenshots of messages, call logs, and social media posts.
  • File a Formal Complaint: Lodge a complaint with the NPC for privacy violations and the SEC's Enforcement and Investor Protection Department for harassment.
  • NBI Cybercrime Division: For cases involving threats to life or digital extortion.

V. Conclusion

The convenience of online lending does not grant companies a license to bypass the fundamental right to privacy or the dignity of the person. The Philippine legal system provides a robust framework for protection; however, the challenge remains in the enforcement against "fly-by-night" entities that operate without SEC registration. Vigilance in checking the SEC's list of registered lending companies remains the primary defense for the Filipino consumer.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login